
PREVIOUS GNEWS


Presentation Transcript


  1. PREVIOUS GNEWS

  2. Patch Tuesday
     • 4 Patches – 9 bugs addressed
     • Affecting Windows, SQL, Exchange (OWA)
     • Other updates, MSRT, Defender Definitions, Junk Mail Filter
     • 8 Security Patches - 5 Critical, 1 Moderate
     • MS08-037 – DNS – Spoofing
     • MS08-038 – Windows Explorer – Remote Code Execution
     • MS08-039 – OWA – Privilege Escalation
     • MS08-040 – SQL – Privilege Escalation

  3. Holes / Patches
     • Apple 2008-004, 25 fixes
     • Apple Safari 3.1.2 for Windows
     • Apple Safari 3.1.2 for OS X 10.4.11
     • AppleScript, Privilege Escalation
     • New Mac Trojans, one using the above AppleScript vuln
     • Vim, Multiple vulnerabilities, allows code execution
     • X Server, Multiple vulnerabilities, local information disclosure
     • Disable MIT-SHM extensions
     • VMware ESX, Multiple vulnerabilities
     • Ruby, Integer handling errors, allows code execution
     • Firefox, ver 2.x and 3.x
     • Adobe, error in JavaScript handling, allows code execution

  4. Hacking
     • MS releases free SQL injection auditing tools
     • UK (London) Oyster Card has been cloned
     • American Airlines to launch in-flight wireless, Gogo by Aircell
     • VoIP on the iPhone, iCall
     • Chaos Computer Club, Privacy
     • N.Runs reports 800+ vulnerabilities in various Antivirus Engines
     • Brightnets, Distributed File System
     • Japanese Age Verification Camera system duped by magazine photos

  5. Books
     • Hackerteen Volume 1: Internet Blackout – Marcelo Marques
     • Crimeware: Understanding New Attacks and Defenses – Markus Jakobsson, Zulfikar Ramzan
     • VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers – Edward L. Haletky
     • Nmap Network Scanning (coming soon) – Fyodor

  6. Corp. Hell
     • India to crack BlackBerry Encryption if RIM does not open network
     • Retail “Box” Sales of XP stops, Still available to large OEM companies
     • John Burris from Citrix, Named new SourceFire CEO
     • Pirate Bay offers SSL encryption in wake of Swedish wiretap law
     • Formal Certification Standards? Office of Management and Budget
     • Chrysler adds wifi to 2009 car line
     • Charter Communication’s NebuAd shut down in development
     • Behavioral Marketing System declared a man-in-the-middle attack by Congress
     • ICANN approves expansion of TLDs, still no .XXX
     • Allows “vanity” TLDs like .mac .msn .cbs
     • GoDaddy VP busted bidding up domain auctions

  7. Papers
     • Richard Bennett comments on Net Neutrality (against)
     • NIST releases 3 revisions to the 800 series security guides

  8. Film / Music
     • RIAA backs out of “Making Available” argument, requests dismissal of case
     • RIAA raises settlement cost from 3,000 to 8,000
     • MPAA requests FCC for waiver to SOC (selectable output control) ruling
     • Would allow them to block DVR recordings of HD movies
     • iptables rules to drop reset packets and evade Comcast throttling

  9. WTF
     • LA Judge presiding over obscenity trial busted with porn on public website
     • AVG LinkScanner, generating mass quantities of fake traffic

  10. Updates
     • Sysinternals Live
     • Windows Search 4 for XP
     • Maltego Community Edition
     • Maltego for Windows
     • Opera 9.51
     • FireFox 3
     • ClamAV 0.93.3
     • Apple SproutCore, Web App Framework
     • iPhoneDbg ToolKit
     • IPTables 1.4.1.1
     • RFDump 1.6
     • BackTrack 3
     • Snort 3 Beta, Snort Security Platform (SnortSP)
     • Nmap 4.68
     • Google RatProxy

  11. CON Events
     • Future Cons
     • HOPE 7, 18 - 20 July / New York NY
     • USENIX 17th Security Symposium, 28 July - 1 Aug / San Jose CA
     • REcon 2008, 13 – 15 June / Montreal CA
     • Black Hat USA, 2 - 7 Aug / Las Vegas NV
     • DefCon, 8 - 10 August / Las Vegas NV
     • Chaos Communications Camp, TBD / Berlin

  12. All images scavenged without permission
